py-bitstring: updated to 4.4.0
4.4.0
This version adds a new optional Rust-based backend. This is turned off by default so
shouldn't affect users. The new backend uses the `tibs` library, which is
by the same author as `bitstring` and should allow some nice optimisations as
the whole stack can work together.
py-tibs: added version 0.7.0
tibs is a simple but powerful Python library for creating, interpreting and
manipulating binary data. It is 100% written in Rust to give it excellent
performance, and is from the same author as the bitstring library.
py-hypothesis: updated to 6.152.9
6.152.9
This release substantially improves our internal distribution for
generating integers. This release has the most visible effect on
"integers()", but may incidentally improve other strategies which draw
integers internally.
Our integers distribution had two problems. First, it had jagged
discontinuities at certain values where we switched sampling
approaches. Second, it used a different distribution for bounded and
unbounded ranges, which resulted in "st.integers()" and
"st.integers(-264, 264)" producing very different distributions
despite being semantically similar.
We now use a smooth distribution for both "st.integers()" and
"st.integers(a, b)", which fixes both of these issues. This should
substantially improve our testing power in certain cases.
[4 lines not shown]
py-twisted: updated to 26.4.0
Twisted 26.4.0 (2026-05-11)
This is the last release with support for Python 3.9.
No changes since 26.4.0rc2.
Security
- twisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.
Reported and fixed by Tomas Illuminati Balbin CVE-2026-42304
Features
- twisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to.
- twisted.internet.endpoints.serverFromString now supports the `tls` endpoint
type, which allows you to do `twist web
--listen=tls:.../certbot-dir/config/live` pointed at a certbot live
configuration directory and have your certbot certificates automatically
[27 lines not shown]
py-libusb1: updated to 3.4.0
3.4.0
Resolve a python 3.14 deprecation warning about packed ctypes structs.
Bundle libusb1 dll 1.0.29 in Windows wheels.
Fix a licence inconsistency: the old pypi classifier was refering to the LGPL2+ instead of the LGPL2.1+
ghostscript-agpl: updated to 10.07.1
Version 10.07.1 (2026-05-19)
Highlights in this release include:
The 10.07.1 release is a maintenance release:
This release addresses a number of potential security issues.
The wider adoption of "C99" and later features has reached the point where we must ease our policy on this area. The Ghostscript/GhostPDL codebase will remain "C89" plus widely supported extensions but, as of the 10.08.0 release, our included third party libraries will be permitted to use "C99" and potentially later features.
The 10.07.1 removes the non-standard operator ".tempfile", and removes the "temp" directory from the default file permission lists. By default, such access is now only available internally, not from "user level" PostScript
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
py-zipp: updated to 4.1.0
v4.1.0
Features
- Path.iterdir now raises NotADirectoryError (formerly ValueError) when call on something that's not a directory.
v4.0.0
Deprecations and Removals
- Drop workaround for stacklevel bug on older PyPy releases.
py-yarl: updated to 1.24.2
v1.24.2
Contributor-facing changes
- Switched the aarch64 and armv7l wheel builds to GitHub's native ARM
runners. The aarch64 wheels now build without QEMU emulation, and
armv7l runs on aarch64 hosts so its 32-bit ARM execution is far
cheaper than the previous aarch64-on-x86_64 path
- Restored per-runner native arches in the Windows wheel matrix on tag
releases. The previous ``CIBW_ARCHS_WINDOWS=AMD64 ARM64`` setting made
both ``windows-latest`` and ``windows-11-arm`` cross-compile the other
arch, producing two artifacts with identically-named wheels whose
bytes differed; the deploy job's ``download-artifact ... merge-multiple``
step tore those writes together, yielding a wheel that PyPI rejected
with ``400 Invalid distribution file. ZIP archive not accepted:
Mis-matched data size`` during the 1.24.0 and 1.24.1 releases
wireshark: updated to 4.6.6
4.6.6
The following vulnerabilities have been fixed:
wnpa-sec-2026-51 ROHC protocol dissector crash. Issue 21243.
The following bugs have been fixed:
Wireshark crashes when run under Visual Studio on Windows. Work item 24787.
Welcome page slide preferences are now available in the preferences window.
vwr: Read of uninitialized memory in pntoh16. Issue 16460.
vwr: Read of uninitialized memory in find_signature. Issue 16461.
Upgrades on Windows do not retain existing optional features unless explicitly requested, resulting in accidental removal of features. Issue 18925.
Wireshark.exe version 4.6.5 is twice as large as version 4.6.4. Issue 21233.
MACsec dissector global-buffer-overflow. Issue 21235.
Wireshark 4.6.5 does not run on Windows 10 version 1809 (including Server 2019 and some LTSC versions) Issue 21237.
Fuzz job issue: fuzz-2026-05-02-14184750352.pcap. Issue 21240.
[2 lines not shown]
memcached: updated to 1.6.42
1.6.42
This is a major security focused release. Nearly all of the fixes are security
related for issues that can cause memory corruption, crashes, and so on.
Fixes
vendor: Instructively warn if vendor blob missing
proxy: fix write length in extstore miss
Fix timing side-channel in SASL password database authentication
proto: fix signed overflow in bodylen for binprot
proxy: fix underflow with 0 length values
auth: fix data race during reload
auth: fix crash when given huge token
proto: fix crash in binary protocol
core: fix crashes from slabs reassign
proxy: check result of buffer parse in match_res
[2 lines not shown]
py-sphinx-gallery: updated to 0.21.0
v0.21.0
Support for Sphinx 5 dropped in this release. Requirement is now Sphinx >= 6.
Implemented enhancements:
- Add support for dynamic filtering by tag
Fixed bugs:
- Fix subsection header sanitization when ``nested_sections=False``
- Fix ``generate_gallery_rst`` when ``nested_sections=False`` user provides own ``index.rst``
Documentation
- DOC Add v0.20.0 to CHANGES.rst
- DOC Note sphinx bump in changes
[3 lines not shown]
mdbook: updated to 0.5.3
mdBook 0.5.3
Changed
- Improve spacing in sidebar section headings.
- Updated cargo dependencies.
Fixed
- The "current" page highlighting in the sidebar now handles servers that redirect and strip the `.html` extension.
- Remove `?highlight=` from URL when highlights are dismissed via clicking.
- Fix global keypresses triggering when other elements are in focus.
- Fix download URL format for mdBook in CI guide.
- Improve error message for invalid Font Awesome icons.
- Fix nested admonitions that use wrong header colors.
(devel/R-lazyeval) Updated 0.2.2 to 0.2.3
# lazyeval 0.2.3 (Time stamp of NEWS.md is 2026/04/03)
* Fixes for CRAN checks. The new implementation is now compliant with
the public C API of R and might differ from the historical one in
subtle ways.
